Synology RT2600AC Router Ad-Block Script

Most of the scripts online, such as this, this, and this, are written for Synology DSM or their NAS. I have been having some issues using these scripts on my Synology Router. Synology does not publish as many official packages for their router as for their NAS anyway.

I think these scripts do not work well because the shell in their router is busybox ash rather than a more advanced shell. My theory is based on the execution errors I get. It appears some functions and syntax that work for others on NAS do not work on the router.

However, I managed to combine a couple of scripts to make it work decently.

Just scp the following shell script to your Synology Router as updateblacklist.sh, into the folder “/var/packages/DNSServer/target/script/”, then SSH in and execute the script as root, and it should work.

#!/bin/sh
# Name: updateblacklist.sh
# Author: Ryan Gibbons <rtgibbons23 @ gmail.com>
# Date: 20160214
# Description: Updates a blacklist data file for Bind that will point a null zone to route each domain to 0.0.0.0
# Inspiration and Thanks:
# 	* http://www.wilderssecurity.com/threads/a-script-for-updating-your-hosts-file.343978/
# 	* http://someonewhocares.org/hosts/
#       * http://pgl.yoyo.org/adservers/
#       * http://winhelp2002.mvps.org/
#       * http://hosts-file.net/
# Modified by Jeremy Yan <jeremy at yansc dot com>
# Credit: Ryan Gibbons, dMajo, and Gerzon

# Process URLs; if they offer a zip we'll use it to save them bandwidth.
# Not using hosts-file.net b/c it has ~350K objects and causes named to consume over 2GB RAM
ZIP_URLS="http://winhelp2002.mvps.org/hosts.zip" # http://hosts-file.net/download/hosts.zip"
PLAIN_URLS="http://someonewhocares.org/hosts/host http://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext"

# Use a temporary directory to store the downloads and working files
TMPDIR=/volume1/@appstore/DNSServer/named/tmp/updateblacklist
TMPFILE=$(head -c 50 /dev/urandom | tr -dc 'a-zA-Z0-9')

BLACKLISTFILE=/volume1/@appstore/DNSServer/named/etc/zone/data/blacklist.db

mkdir -p "$TMPDIR"

i=1

for url in $ZIP_URLS; do
        # Silent curl on each URL, using -z (If-Modified-Since) so an unchanged file is not downloaded again
        curl -s -z "$TMPDIR/$i.zip" -o "$TMPDIR/$i.zip" "$url"
        # Unzip to stdout, sed to remove Windows newlines and the period at the end of domains,
        # The $ before the first sed expression is to process the string in the shell b/c the version of sed with DSM5.2 doesn't recognize \r
        # then for each entry in a hosts file pointing to 127.0.0.1 or 0.0.0.0 create a BIND formatted zone statement
        # (dots are escaped and whitespace is required after the address so that e.g. 127.0.0.100 does not match)
        unzip -c "$TMPDIR/$i.zip" | sed -e $'s/\r//' -e 's/\.$//' | awk '/^(0\.0\.0\.0|127\.0\.0\.1)[ \t]/{print "zone \""$2"\" { type master; notify no; file \"/etc/zone/master/null.zone.file\"; };"}' >> "$TMPDIR/$TMPFILE"
        i=$((i + 1))
done

for url in $PLAIN_URLS; do
        # Quote the URL: it contains ? and & characters
        curl -s -z "$TMPDIR/$i" -o "$TMPDIR/$i" "$url"
        sed -e $'s/\r//' -e 's/\.$//' "$TMPDIR/$i" | awk '/^(0\.0\.0\.0|127\.0\.0\.1)[ \t]/{print "zone \""$2"\" { type master; notify no; file \"/etc/zone/master/null.zone.file\"; };"}' >> "$TMPDIR/$TMPFILE"
        i=$((i + 1))
done

# Strip out localhost, localdomain, broadcasthost, localhost.localdomain entries, de-duplicate, and install the blacklist
sed -e '/"\(local\|broadcast\)\(host\)\?\(.localdomain\)\?"/d' "$TMPDIR/$TMPFILE" | sort -fu > "$BLACKLISTFILE"

rm "$TMPDIR/$TMPFILE"


# Include the new zone data
# This section is adopted from dMajo's script
WorkDir="/var/packages/DNSServer/target/named/etc/zone/data"
# Stop here if the zone data directory is missing, so no file is rewritten in the wrong place
cd "${WorkDir}" || exit 1
if [ -f blacklist.db ] && [ -f null.zone.file ]; then
	#grep -q 'include "/etc/zone/data/ad-blocker.db";' null.zone.file || echo 'include "/etc/zone/data/ad-blocker.db";' >> null.zone.file
	# Rebuild data null.zone.file
	echo 'zone "null.zone.file" {'                  > null.zone.file
	echo '	type master;'                           >> null.zone.file
	echo '	file "/etc/zone/master/null.zone.file";' >> null.zone.file
	echo '	allow-transfer {any;};'                 >> null.zone.file
	echo '	allow-update {none;};'                  >> null.zone.file
	echo '	allow-query {any;};'                    >> null.zone.file
	echo '};'                                       >> null.zone.file
	echo 'include "/etc/zone/data/blacklist.db";'   >> null.zone.file
fi

# reload the zone entries
/volume1/@appstore/DNSServer/script/reload.sh

Note the pre-requisites:

  • You must have DNSServer package installed
  • You should create a master zone called “null.zone.file” in the Zones. See the screenshot below

Then you should be okay.
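
The script above copies the second field of every downloaded line into blacklist.db without checking it, and the lists are fetched over plain HTTP, so a malformed or altered line reaches named's configuration as-is. The following is an added example, not part of the original script: a stricter conversion filter for busybox ash and awk that only emits zone statements for syntactically valid hostnames. The names hosts_to_zones and sample_feed and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate hosts-feed names before they become named config.
# hosts_to_zones and sample_feed are hypothetical helper names.
NULL_ZONE="/etc/zone/master/null.zone.file"   # same path the script above uses

# Read hosts-format text on stdin; print one zone statement per valid, unique name.
hosts_to_zones() {
    awk -v zonefile="$NULL_ZONE" '
    {
        sub(/\r$/, "")      # strip Windows line endings
        sub(/#.*/, "")      # strip comments
    }
    # Exact address match, so a line starting with 127.0.0.100 is ignored.
    $1 != "0.0.0.0" && $1 != "127.0.0.1" { next }
    NF < 2 { next }
    {
        name = tolower($2)
        sub(/\.$/, "", name)                     # drop a trailing root dot
        if (length(name) > 253) next
        # At least two labels made only of letters, digits, hyphen, underscore.
        # This rejects quotes, semicolons, braces and single-label names
        # such as localhost or broadcasthost.
        if (name !~ /^[a-z0-9_-]+(\.[a-z0-9_-]+)+$/) next
        if (name ~ /\.localdomain$/) next
        n = split(name, label, ".")
        for (i = 1; i <= n; i++)
            if (length(label[i]) > 63 || label[i] ~ /^-/ || label[i] ~ /-$/) next
        if (name in seen) next                   # case-insensitive de-duplication
        seen[name] = 1
        printf "zone \"%s\" { type master; notify no; file \"%s\"; };\n", name, zonefile
    }'
}

# Constructed sample feed: two good names, one duplicate, four lines to reject.
sample_feed() {
    printf '%s\n' \
        '127.0.0.1 localhost' \
        '0.0.0.0 ads.example.com' \
        '0.0.0.0 ADS.Example.com.  # same name after normalisation' \
        '127.0.0.100 printer.example.lan' \
        '0.0.0.0 bro"ken.example.org' \
        '0.0.0.0 semi;colon.example.org'
    printf '0.0.0.0 tracker.example.net\r\n'
}

sample_feed | hosts_to_zones
```

To use it, pipe the unzip or sed output through hosts_to_zones in place of the awk one-liner; the output still needs to be written to the blacklist file as before.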

3 comments

  1. Hi, thanks for the instructions.

    I can SSH to the correct directory.
    Then I want to create the file blacklist.sh but don’t have the right permissions. Logged in as admin. Tried several commands: sudo, su, etc.
